11 matches found
CVE-2025-67510
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context...
CVE-2025-67510
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context...
CVE-2025-67510 MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context...
CVE-2025-67510
Neuron is a PHP framework for AI Agents. Versions 2.8.11 and earlier have a vulnerability in the MySQLWriteTool that can execute arbitrary SQL provided by the caller via PDO::prepare() and execute(), without semantic restrictions. In an LLM/agent context this enables prompt injection or indirect ...
CVE-2025-67510 MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context...
CVE-2025-67510 MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context...
EUVD-2025-202170
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context...
Neuron 访问控制错误漏洞
Neuron is an Industrial Internet of Things IIoT connectivity server open-sourced by EMQ. Used for modern Big Data and AI/ML technologies to harness the power of Industry 4.0. An Access Control Error vulnerability exists in Neuron 2.8.11 and earlier versions, which stems from a lack of semantic...
PT-2025-50556
Name of the Vulnerable Software and Affected Versions Neuron versions prior to 2.8.12 Description The PHP framework Neuron has an issue where the MySQLWriteTool can execute arbitrary SQL queries provided by a caller, utilizing PDO::prepare and execute without restrictions. This occurs because the...
Neuron MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)
Impact MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause...
GHSA-898V-775G-777C Neuron MySQLWriteTool allows arbitrary/destructive SQL when exposed to untrusted prompts (agent “footgun”)
Impact MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause...